Fabre

#1102003 php-horde-imp: CVE-2025-30349 #1102003

Package:: src:php-horde-imp

Source:: src:php-horde-imp

Submitter:: Salvatore Bonaccorso

Date:: 2025-04-03 20:03:03 UTC

Severity:: normal

Tags:

#1102003#5

Date:: 2025-04-03 20:00:18 UTC

From:

To:

Hi,

The following vulnerability was published for php-horde-imp.

CVE-2025-30349[0]:
| Horde IMP through 6.2.27, as used with Horde Application Framework
| through 5.2.23, allows XSS that leads to account takeover via a
| crafted text/html e-mail message with an onerror attribute (that may
| use base64-encoded JavaScript code), as exploited in the wild in
| March 2025.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-30349
https://www.cve.org/CVERecord?id=CVE-2025-30349
[1] https://github.com/horde/imp/commit/8a89d755e0356e7785e555d85c881fd4774e973e

Regards,
Salvatore

#1102003 php-horde-imp: CVE-2025-30349 #1102003

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)